[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs using members and groups

To: Indexer <indexer@internode.on.net>
Subject: Re: ACLs using members and groups
From: Jonathan Clarke <jonathan@phillipoux.net>
Date: Fri, 18 Jun 2010 16:20:29 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <852EB398-DA0A-4AD0-8900-E9AC88A1FEE1@internode.on.net>
References: <852EB398-DA0A-4AD0-8900-E9AC88A1FEE1@internode.on.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.10) Gecko/20100512 Lightning/1.0b1 Thunderbird/3.0.5

On 18/06/2010 11:15, Indexer wrote:

Hi,
	I have a question regarding ACLs and their use in an interesting circumstance.

I have a group, lets call it g, and it contains users a and b. I also have users a, b, c and d. Now, I want user d to be able to have access to write to the members of group g, and unable to access non members of group g. Now lets say i add user e, and e becomes a member of g, i want d to be able to write to these 3 members (a,b,e) without needing to rewrite or insert ACLs etc.

I have been looking alot at the ACL page on the openldap site, and as much as i think the group and regex rules are fantastic, I cant think of how to implement them for this situation. Any help would be greatly appreciated

Thanks for your time and help, yet again.


You can achieve this using sets. See:
http://www.openldap.org/faq/data/cache/1133.html

Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------

References:
- ACLs using members and groups
  - From: Indexer <indexer@internode.on.net>

Prev by Date: Re: OpenLDAP, PADL and querying multiple ADs
Next by Date: comp match module has unusable X509 cert code
Index(es):
- Chronological
- Thread